Protectionism, free trade and security up in the cloud

The US Ambassador’s rallying cry against “data protectionism” reflects US hopes for the Trans-Pacific Partnership. Plus, it says a lot about the future of cloud computing.

It was a peculiar piece, out of the blue, from Washington’s man in Australia: yesterday, Fairfax ran an op-ed from US Ambassador Jeff Bleich about “cloud protectionism” and why it was important that the Trans-Pacific Partnership negotiation currently underway (this week, in Auckland) pave the way for the removal of restrictions on movement of data across borders:

“Like people who once thought keeping their money hidden under the mattress was better than having it in a bank, some voices across the region, and even in Australia, have called for limiting the flow of data across borders, and requiring firms to install local data centres in each market to ensure local ‘control’. This ‘beggar thy neighbour’ protectionism would be just as self-defeating in the digital economy as in every other sector.”

The piece instantly raised hackles among opponents of the TPP, who see it (correctly) as a vehicle for the United States to re-fight battles on intellectual property it lost in the Anti-Counterfeiting Trade Agreement and push the interests of the copyright cartel and big pharmaceutical companies.

Moreover, the Patriot Act, which enables the US government to demand US companies turn over private data that isn’t even held on servers on US soil, remains a key concern for the entire cloud computing industry, although the genial ambassador neglected to mention the legislation in his discussion of the issue.

While the US government might be eager to ensure it can maximise its access to the world’s confidential data, it is more likely that the Ambassador was engaged in the far more traditional tactic of trying to maximise sales opportunities for US firms. The US, with Japan, is the world leader in cloud computing services. According to a Gartner report, US cloud computing exports of varying kinds — and remember the term “cloud computing” covers a broad range of quite different services — were already worth US$1.5 billion in 2011, with additional sales of nearly US$1.4 billion by US-owned local affiliates.

The biggest impediment to growing this market is what is termed “cloud protectionism” or “nationalistic cloud computing agendas”. For that, read Europe. The Europeans have imposed considerably tougher requirements on cloud service providers, in areas like privacy, interoperability and certification. There’s currently an exemption in place for US firms, but the tougher European protections are seen as a major obstacle for US firms. The European regulations have been criticised by the US Software & Information Industry Association.

But before you assume the Europeans are taking privacy protection seriously while the US is hellbent on vacuuming up everyone’s data, the Europeans are not exactly pure of heart in this. They want to expand the European cloud storage industry, and they’re using a “Cloud Computing Strategy“ involving government procurement to grow it.

Turns out the term “cloud protectionism” isn’t such a misnomer after all.

It’s not just the Europeans, however. As Bleich flagged, some in Australia are recalcitrant as well — he just avoided mentioning the offending party. The Defence Signals Directorate, in its advice to government agencies on cloud usage updated in September, “recommends against outsourcing information technology services and functions outside of Australia, unless agencies are dealing with data that is all publicly available. DSD strongly encourages agencies to choose either a locally owned vendor or a foreign owned vendor that is located in Australia and stores, processes and manages sensitive data only within Australian borders.”

And so to the TPP. The US cloud industry holds great hopes for the TPP. US trade officials in a paper earlier this year said:

“Cloud industry officials also see the in-progress Trans-Pacific Partnership agreement as an opportunity to establish cloud-friendly trade policies, especially given that the TPP is being negotiated as a ‘gold standard’ agreement, with commitments in emerging areas that have not previously been covered by FTAs. A recent statement issued by the National Foreign Trade Council, ‘Promoting Cross-Border Data Flows’, mentions the TPP as an opportunity to establish new commitments on cross-border data flows.”

The National Foreign Trade Council is a US-business controlled industry body dedicated to making the world safe for US companies.

Bleich is merely echoing what the US cloud industry and trade officials want to see happen with the TPP. Moreover, Ambassador Bleich himself knows the industry, having led trade missions and been involved in conferences on the issue.

But despite Bleich’s vision of Australia and the US leading the world into a new era of borderless information flows, this is one issue where Australian and US national security interests seem to directly conflict. “A foreign owned vendor may be subject to their country’s laws even if the vendor is operating within Australia,” warned DSD. “If the vendor is subpoenaed by a foreign law enforcement agency for access to data belonging to the vendor’s customers, the vendor may be legally prohibited from notifying their customers of the subpoena.”

In short, says DSD, if you value knowing what’s happening to your confidential data, steer clear of US companies when it comes to selecting a cloud services provider.

I read that too with the same objections. It appears that the US is trying to play us as suckers by having us believe that the data in the ‘cloud’ will be sacrosanct. The truth is that those who control the cloud servers control that data, no matter how pure their intentions are and because of that control can be wrested away from them either publicly or secretly at the drop of a hat. Therefore the simple analogy of keeping your data under the mattress is the correct way to go, especially for anyone with something they want to keep secret.